Neil Conway <neilc(at)samurai(dot)com> writes:
> (2) The length supplied by the user is completely ignored by
> the code, and it simply reads the input until it sees a
> NULL terminator (read the comments in the code about 10
> lines down.) Therefore, any sanity checking on the length
> specified by the user is a waste of time.
Agreed; the fact that the protocol requires a length word at all is just
a hangover from the past. We can read the length word and forget it.
I wonder though if it'd be worthwhile to limit the length of the string
that we are willing to read from the client in the second step. We are
at this point dealing with an unauthenticated user, so we should be
untrusting. And I think Sir Mordred has a point: forcing a backend to
allocate a lot of memory can be a form of DoS attack.
regards, tom lane